System Engineer, Information Security (Red Team) at Octopus

Hong Kong, Hong Kong Island, Hong Kong S.A.R. -

Full Time

Start Date

Immediate

Expiry Date

11 Jun, 26

Salary

0.0

Posted On

13 Mar, 26

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Adversary Simulation, Penetration Testing, Exploit Development, Security Controls Validation, Endpoint Detection & Response, Compromise Assessments, Purple Team Exercises, Technical Reporting, Attack Techniques, MITRE ATT&CK, OWASP, TCP/IP, Linux System Administration, Windows System Administration, Cloud Security, Python

Industry

Financial Services

Description

Job Responsibiities: * Execute red team initiatives, including adversary simulation, penetration testing, and exploit development, under the guidance of the red-team leader * Test and validate the effectiveness of security controls by using red-team approach * Review and analyze Endpoint Detection & Response alerts to identify potential breaches, suspicious activities, and advanced attack attempts * Conduct compromise assessments to identify signs of prior or ongoing unauthorized access to improve detection capabilities and validate security posture * Participate in purple team exercises and work closely with blue team and other security functions to improve detection and response capabilities through these exercises * Document findings and provide detailed technical reports with actionable remediation recommendations * Stay ahead of emerging attack techniques, tools, and threat actor behaviors to enhance testing methodologies * Keep abreast of the latest technologies such as cloud computing and mobile devices, and the corresponding security challenges as well as controls Job Requirements: * Bachelor degree in Computer Science or relevant disciplines, cyber secruity stream is preferrable * Minimum 2 years of work experience in IT security or equivalent with at hands-on in offensive security or red teaming such as penetration testing and vulnerability assessment * Strong understanding of attack techniques across network, application, and endpoint environments * Familiar with frameworks such as MITRE ATT&CK, OWASP * Knowledgeable in TCP/IP, Linux/UNIX System Administration, and Windows System Administration * Knowledge of Database Administration, Network Security, Mobile Technology, Cloud Security, Application Security, Active Directory Security and Virtualization Technology is preferred * Knowledge of Core Java / C / C++ / Python is preferred * Familiar with information security standards such as ISO27001 and HKMA C-RAF is a plus We offer successful candidate an attractive remuneration package and excellent career prospects. Interested parties please send your resume, present and expected salary, contact details and quoting the reference number by clicking "Apply Now" Visit our web site: http://www.octopus.com.hk/ The personal data collected will be used for recruitment purposes only. If you are not contacted by us within six weeks, you may consider your application unsuccessful. Personal data with an unsuccessful applicant will be destroyed 12 months after rejection of the application. During this retention period, you have the right to request for correction or destruction of your personal data at any time. Any request for the correction or destruction of personal data should be addressed in writing to our Human Resources & Administration Department. Octopus is an equal opportunity employer and all employment decisions and Human Resources policies are administered; especially those relating to recruitment & selection, compensation & benefits, promotion & transfer, training & development and termination & redundancy; without discrimination on the basis of age, race, colour, religion,sex, national origin, marital status, pregnancy, physical and mental disability and family status but on genuine occupational qualification, job performance, employees’ ability and internal/ external relativities. Octopus Holdings Limited Born from Hong Kong's demand for fast, convenient, and reliable payment solutions, Octopus introduced the world's first contactless multi-modal transit payment system in 1997. Since then, this homegrown FinTech company has pioneered innovative payment solutions for urban living across four continents. Our Vision To become the most preferred payment and lifestyle companion that connects customers and business partners through our best-in-class products and services. Our Mission Making everyday life easier. Our Values Customer Centricity, Simplicity & Trustworthiness. Dedicated to addressing customer needs and adapting to evolving market trends, Octopus has broadened its services beyond transportation to encompass retail, e-commerce, cross-border transactions, and travel abroad. Today, we serve approximately 98% of Hong Kong’s population, processing around 15 million transactions at more than HK$300 million on average daily. At the heart of our success are our colleagues. We value mutual respect, foster collaboration, and encourage innovation and partnership. Join us and shape the future of payment solutions. Your impact starts here!

Responsibilities

The role involves executing red team initiatives such as adversary simulation, penetration testing, and exploit development to test and validate security controls. Responsibilities also include analyzing security alerts, conducting compromise assessments, and participating in purple team exercises to enhance detection and response capabilities.